Data protection smino.com
Smino AG, Werkstrasse 20, 8645 Rapperswil-Jona, is the operator of the website and the smino app and the services offered thereon and is therefore responsible for the collection, processing and use of your personal data or personal data (in this privacy policy “personal data”) and the compliance of the data processing with the applicable data protection law.
Your trust is important to us, which is why we take the issue of data protection seriously and ensure appropriate security.
Depending on the processing (term in the GDPR) or processing (term in the FADP) (uniformly referred to as “processing” in this privacy policy) of your personal data, in addition to the applicable Swiss law (Federal Act on Data Protection of September 25, 2020, in force from September 1, 2023, (hereinafter FADP, SR 235.1), European data protection law (Regulation (EU) 2016/679 (hereinafter General Data Protection Regulation, GDPR)) may also or exclusively apply, in particular in the context of the use of our website and the observation of the behavior of data subjects residing in the EU (Art. 3 para. 2 lit. b GDPR).
I. Name and address of the controller
Responsible:
Smino AG
Werkstrasse 20
8645 Rapperswil-Jona
Switzerland
E-mail: info@smino.com
Tel: +41 55 552 12 50
II. How we process your personal data
1. visit our website
Data processing: When you visit our website, the browser used on your device automatically sends information to the server of our website.
This information is temporarily stored in a so-called log file
Personal data: The following personal data is collected without any action on your part and stored until it is automatically deleted:
- the IP address of the requesting computer
- the name of the owner of the IP address range (usually your Internet access provider)
- the date and time of access
- the website from which the access was made (referrer URL), if applicable with the search term used
- the name and URL of the retrieved file
- the status code (e.g. error message)
- the operating system of your computer
- the browser you are using (type, version and language)
- the transmission protocol used (e.g. HTTP/1.1)
- If applicable, your user name from a registration/authentication
Purpose: The purpose of collecting and processing this data is to enable the use of our website (connection establishment), to ensure system security and stability in the long term and to enable the optimization of our website, as well as for internal statistical purposes.
Service provider: Our website is hosted by cyon GmbH, Brunngässlein 12, 40523,.
Basel Switzerland (“Cyon“).
The hoster has access to the website and thus to your personal data in the event of support.
The service provider is obliged by an agreed order processing contract to process your personal data only in accordance with our instructions, to delete it irrevocably after the order and to comply with the relevant data protection regulations.
You can find more information on the handling of user data by this service provider in the privacy policy at
Cyon: https://www.cyon.ch/ueber-cyon/datenschutz
Processing principles: We process your personal data in accordance with the processing principles set out in Art. 6 to 8 FADP.
In addition, our legitimate interest in the processing of your personal data pursuant to Art. 6 para.
1 sentence 1 lit.
f GDPR would exist.
Necessity: This information is necessary for the functioning of the website.
Retention period: The log files created for the purpose of visiting the website are stored in accordance with the relevant legal provisions for as long as is necessary to fulfill the aforementioned purposes.
2. contact
NOTE: In some cases, personal data is transferred to service providers in third countries.
Third countries are countries outside Switzerland, the EU and the EEA.
These third countries also include the USA.
The level of data protection in the USA is not comparable to that in Switzerland or Europe.
In particular, it is possible that government agencies (US authorities) may access personal data without us or you being aware of this.
Legal action may not be successful.
Personal data will only be transferred to third countries if the requirements of Art. 16 et seq. FADP are met or if you have given your consent
a) General inquiries, consultations, appointments, bug reporting
Data processing: To contact us, you can contact us by telephone, use the contact form or send us an e-mail; the reason for contacting us may be for advice or a general inquiry.
If you send us an e-mail, your personal data will also be processed by Microsoft, as we use Microsoft 365.
If you use our contact form, we use the Gravity Forms service to receive your request.
The data entered when using the contact form is transmitted to Gravity Forms and stored.
If you would like to make an appointment with us, you can do so via our service provider Calendly.
The data provided when making an appointment will be transmitted to Calendly and stored.
The data you provide for the appointment will be stored by us until the appointment is made.
We use the Slack service for internal communication and for collaboration within the team, e.g. in the case of a bug report.
In the case of a bug report, your personal data may also be processed by Slack in order to respond to your request.
We use the Crisp live chat service to provide a direct communication channel on our website.
If you use our live chat, the data you enter will be transmitted to Crisp and stored.
Microsoft, Gravity Forms, Calendly, Slack and Crisp have access to the above-mentioned personal data in the event of support.
The data you provide to us for the purpose of contacting us will be stored by us until your request has been fully processed.
Personal data: The following personal data may be collected:
- E-mail address
- Salutation
- First name
- Last name
- The company
- City
- Country
- Mobile number/phone
- IP address
- Date information (date and time)
- Telephone number, if required for the appointment
Purpose: The purpose of processing the personal data provided is to respond to and process your request for advice, bug reporting, the initiation or conclusion of contracts or general inquiries.
Service provider: We use Microsoft 365 from Microsoft Ireland Operations Ltd. in South County Business Park, One Microsoft Place, Carmanhall and Leopardstown, Dublin, D18 P521, Ireland (“Microsoft“) to process communications.
We use the service provider Gravity Forms to provide our contact form. The provider of Gravity Forms is Rocketgenius, Inc, 1620 Centerville Turnpike, Suite 102, Virginia Beach, VA 23464-6500, USA (“Gravity Forms“).
We use the Calendly service to make appointments.
The provider of Calendly is Calendly LLC, 271 17th Street NW, Atlanta, GA 30363, USA (“Calendly“).
We use the Slack service for our communication and collaboration.
The provider of Slack is Slack Technologies Limited, Salesforce Tower, 60 R801 North Dock, Dublin, Ireland (“Slack“).
We use the service provider Crisp from the EU for our live chat service.
The provider of Crisp is Crisp IM SARL, 149 Rue Pierre Semard, 29200 Brest, France (“Crisp“).
Microsoft, Gravity Forms, Calendly and Crisp are obliged by new, currently agreed standard contractual clauses and order processing contracts to process your personal data only in accordance with our instructions, to delete it irrevocably after the order and to comply with the relevant data protection regulations. you will find further information on the processing of your personal data in the note under section 2 of this data protection declaration.
For more information on the handling of user data at Microsoft, Gravity Forms, Calendly and Crisp, please refer to the respective privacy policies:
Microsoft: https://privacy.microsoft.com/de-de/privacystatement
Gravity Forms: https://www.gravityforms.com/privacy/
Calendly: https://calendly.com/pages/privacy
Crisp: https://crisp.chat/en/privacy/
Slack: https://slack.com/intl/de-de/privacy-policy
Processing principles: We process your personal data in accordance with the processing principles set out in Art. 6 to 8 FADP.
In addition, the processing of your personal data with regard to the US services is carried out with your express consent in accordance with Art. 6 para.
1 sentence 1 lit.
f GDPR.
If you consent to the processing by Microsoft, Gravity Forms, Calendly and Slack, you therefore also consent to your personal data being processed in accordance with Art. 17 FADP and Art. 49 para.
1 lit.
a GDPR to be transferred to the USA.
The processing of your personal data would also be necessary, at your request, for the implementation of pre-contractual measures or for the execution of a purchase contract pursuant to Art. 6 para.
1 sentence 1 lit.
b GDPR would be lawful.
In addition, in the case of a general request, our legitimate interest in the processing of your personal data pursuant to Art. 6 para.
1 sentence 1 lit.
f GDPR would exist.
Necessity: This processing activity is not necessary for the functionality of the website.
Retention period: The data stored for the purpose of establishing contact will be stored in accordance with the relevant legal provisions and for as long as is necessary to fulfill the aforementioned purposes.
b) Applications
Data processing: You have the option of applying to us by post, e-mail or online via a contact form.
In the latter case, we process all the data that you send us with your application dossier.
Personal data: The following personal data may be collected:
- Mandatory applicant master data (first name, surname, e-mail address, telephone number, address, date of birth, citizenship, country of residence)
- Qualification data (cover letter, letter of motivation, CV, previous activities, professional qualifications and skills)
- Voluntary information, such as title, photo, source of application or other information that you voluntarily provide us with in your application or upload voluntarily.
- Additional questions depending on the respective advertisement (start of work and salary expectations)
- the communication between you and us as well as comments and evaluations that are written about you in the course of your application process
- other data/data categories, e.g. publicly accessible, job-related data, e.g. a public profile on professional social media networks such as XING or LinkedIn.
Purpose: The purpose of processing the personal data provided is to comply with your request regarding the initiation of an employment contract or storage in our applicant pool by means of consent.
The purpose of the consent is to enable us to return to your profile should a suitable vacancy become available.
Necessity: This processing activity is not necessary for the functionality of the website.
Retention period: The data stored for the purpose of the application will be stored in accordance with the relevant legal provisions and for as long as is necessary to fulfill the aforementioned purposes.
In the event that the application is unsuccessful, we will store your personal data for 6 months for the assertion, exercise or defense of our legal claims.
In the case of consent, we store your personal data for a maximum period of 12 months from the last consent or expression of interest and then delete it.
3. use of external technologies for marketing and analysis purposes
We use cookies and pixel technologies on our websites for marketing and analysis purposes.
You can find the cookie and pixel policy here.
Cookies are small text files that are stored on your end device and can be read.
A distinction is made between session cookies, which are deleted again as soon as you close your browser
, and permanent cookies, which are stored beyond the individual session.
Cookies can contain data that makes it possible to recognize the device used.
In some cases, however, cookies only contain information on certain settings that are not personally identifiable.
You can set your browser so that it informs you about the placement of cookies.
This makes the use of cookies transparent for you.
You can also delete cookies at any time via the corresponding browser setting and prevent the setting of new cookies.
Please note that our websites will then not be displayed optimally and numerous basic functions will no longer be technically available.
We use session cookies and permanent cookies on our websites.
We process your personal data with regard to cookies in accordance with the principles set out in Art. 6 to 8 FADP.
You can find detailed information in the following sections of this privacy policy.
a) Use of US technologies
(1) Use of social media plugins
Facebook, Instagram, YouTube, Linkedin plugin: We operate social media profiles on Facebook(https://www.facebook.com/sminocom/), Instagram (https://www.instagram.com/smino_culture/), Linkedin (https://www.linkedin.com/company/smino/) and YouTube (https://www.youtube.com/@sminoag/).
You can contact us via these profiles.
We have also placed social media buttons from Facebook, Instagram, Linkedin and YouTube on our website so that you can easily link to our Facebook, Instagram, Linkedin and YouTube profiles.
Your personal data will only be processed when you click on the Facebook, Instagram, Linkedin or YouTube social media button or embedded images or contact us on Facebook, Instagram, Linkedin or YouTube.
The data collected is also anonymized and then used in the form of statistics.
A recognizable marker is also set.
When you click on the YouTube social media button: We use the “extended data protection mode” option provided by YouTube.
According to YouTube, in “extended data protection mode” your data, in particular which of our websites you have visited and your IP address, will only be transmitted to the YouTube server in the USA when you watch the video.
If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile.
You can prevent this by logging out of your YouTube account.
Personal data: The following personal data is processed:
- User behavior
- IP address
- Connection data
- Devices and browser information
- Data about the content accessed when clicking on social media buttons
- User name or first and last name
- Possibly picture, data that you send us in the course of contacting us
Purpose:The Facebook, Instagram, Youtube, Linked plugin serve to structure our website and are used to place other web content on our website.The implementation of Youtube videos also serves to structure our website and is used to place other web content on our website.
By clicking on the respective video or social media button, you will be redirected to the website of the respective provider.
We have no influence on the processing of personal data on third-party websites and refer you to the information in section 2 of this privacy policy.
Service provider: The provider of the Facebook and Instagram plugins is Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook“)
The provider of YouTube is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA (“YouTube“).
The provider of the Linkedin plugin is LinkedIn Corp, 1000 W. Maude Avenue, Sunnyvale, CA 94085 USA (“YouTube“).
You can find more information on how Facebook and Pinterest handle user data in the respective privacy policies:
Facebook:https://www.facebook.com/about/privacy/
Youtube:https://www.google.de/intl/de/policies/privacy
LinkedIn: https://www.linkedin.com/legal/privacy-policy
Processing principles:We process your personal data in accordance with the processing principles set out in Art. 6 to 8 FADP.
In addition, the processing of your personal data with regard to the US services is carried out with your express consent in accordance with Art. 6 para.
1 sentence 1 lit.
f GDPR.
If you consent to the processing by Facebook, YouTube and LinkedIn, you therefore also consent to your personal data being processed in accordance with Art. 17 FADP and Art. 49 para.
1 lit.
a GDPR are transmitted to the USA.
Necessity: This processing activity is not necessary for the functionality of the website.
Retention period: With regard to the Facebook, Instagram, YouTube and LinkedIn plugins, cookies can be stored on your end device for up to 10 years.
Data processed in connection with your contact via Facebook or Instagram or Linkedin will be deleted after 1 year, unless we have a retention obligation of 5 or 10 years for the communication.
(2) Use of Mailjet newsletter technologies
Data processing: We use the newsletter to inform you about us and our offers and promotions, and the data stored when you register to receive the newsletter is transmitted to Mailjet and stored.
Mailjet also has access to the above-mentioned personal data in the event of support.
The data you provide us with for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from both our servers and Mailjet’s servers after you unsubscribe from the newsletter.
Mailjet also offers various options for analyzing how the newsletters sent are opened and used, e.g. how many users an email was sent to, whether emails were rejected and whether users unsubscribed from the list after receiving an email.
These analyses are group-related and are not used by us for individual evaluation.
If you consent to the sending of the newsletter, you therefore also consent to the analysis by Mailjet.
Personal data: The following personal data is processed:
- First and last name, if applicable
- IP address
- Date of registration
- Transactional e-mails
Purpose: The data in question is processed for the purpose of sending out newsletters and analyzing newsletters.
Service provider: We use the Mailjet service to send our newsletter. The provider of Mailjet is Mailgun Technologies, Inc, 535 Mission St.14th Floor, San Francisco, CA 94105, USA (“Mailjet”).
You can find more information on how Mailjet handles user data in the respective privacy policy: https://www.mailjet.com/legal/privacy-policy/
Processing principles: We process your personal data in accordance with the processing principles set out in Art. 6 to 8 FADP.
If you consent to the processing of your personal data by Mailjet, you therefore also consent to your personal data being processed in accordance with Art. 17 FADP and Art. 49 para.
1 lit.
a GDPR are transmitted to the USA.
You can revoke your consent to the storage of your data and email address and their use for sending the newsletter at any time, for example via the “Unsubscribe” link in the newsletter or by sending an email to info@smino.ch.
The legality of the data processing operations that have already taken place remains unaffected by the revocation.
Necessity: This processing activity is not necessary for the functionality of the website.
Retention period: The data stored for the purpose of sending newsletters and analysis will be stored in accordance with the relevant legal provisions and for as long as is necessary to fulfill the aforementioned purposes or you withdraw your consent to the processing of this personal data.
(3) Use of Pipedrive CRM technology
Data processing: We use Pipedrive as a CRM tool (Customer Relationship Management) to organize and analyze our business relationships.
The data stored in Pipedrive is recorded and processed by us.
Pipedrive also has access to the above-mentioned personal data in the event of support.
The data you have stored with us for the purposes of the business relationship will be stored by us until the end of this relationship and deleted from both our servers and Pipedrive’s servers after it has ended.
Pipedrive also offers various analysis options on how interactions with customers take place and are used.
These analyses are group-related and are not used by us for individual evaluation.
Personal data: The following personal data is processed:
- First and last name
- Contact details (e.g. e-mail, telephone number)
- Company details
- Interaction history (e.g. e-mail communication, telephone calls, conclusion of a deal)
Purpose: The data in question is processed for the purpose of maintaining business relationships, sales activities and customer analysis.
This processing activity is necessary for the efficient organization and maintenance of our business relationships.
Service provider: We use the Pipedrive service for our customer relationship management.
The provider of Pipedrive is Pipedrive Inc, 460 Park Avenue South, 5th floor, New York, NY 10016, USA (“Pipedrive”).
You can find more information on how Pipedrive handles user data in the respective privacy policy: https://www.pipedrive.com/en/privacy
Processing principles: We process your personal data in accordance with the processing principles set out in Art. 6 to 8 FADP.
In addition, the processing of your personal data with regard to the US services is carried out with your express consent in accordance with Art. 6 para.
1 sentence 1 lit.
f GDPR.
If you consent to the processing by Pipedrive, you therefore also consent to your personal data being processed in accordance with Art. 17 FADP and Art. 49 para.
1 lit.
a GDPR are transmitted to the USA.
You can withdraw your consent to the storage and use of data at any time.
The legality of the data processing operations that have already taken place remains unaffected by the revocation.
Necessity: This processing activity is not necessary for the functionality of the website.
Retention period: The data stored for the purpose of business relationship management and customer analysis will be stored in accordance with the relevant legal provisions and for as long as is necessary to fulfill the aforementioned purposes or you withdraw your consent to the processing of this personal data.
b) Use of EU and Swiss technologies
NOTE: EU and Swiss technologies are subject to a similar level of data protection, therefore data transfers to and from Switzerland are compliant with data protection regulations.
Order processing contracts have been agreed for such data transfers.
(1) Use of Lemlist e-mail outreach technology
Data processing: By using Lemlist, we carry out email outreach campaigns and inform you about us and our offers.
The data stored for the e-mail campaigns is transmitted to Lemlist and stored.
Lemlist also has access to the above-mentioned personal data in the event of support.
The data you provide to us for the purposes of email communication will be stored by us and deleted from both our servers and Lemlist’s servers once the email campaigns have ended.
Furthermore, Lemlist offers various analysis options on how the emails sent are opened and used, e.g. how many users an email was sent to, whether emails were rejected and whether users unsubscribed from the list after receiving an email.
These analyses are group-related and are not used by us for individual evaluation.
Personal data The following personal data is processed:
- IP address
- Time of registration
- First and last name, if applicable
- Telephone number, if applicable
- Age
- Gender
- Profession
- Address
- Browser and device data
Purpose: The data in question is processed for the purpose of e-mail communication and e-mail analysis in order to generate new leads and customers in sales.
Service provider: We use the Lemlist service for our email campaigns.
The provider of Lemlist is LEMPIRE Lemlist SAS, 51 rue de la République, 69002 Lyon, France (“Lemlist“).
You can find more information on how Lemlist handles user data in the respective privacy policy: https://www.lemlist.com/privacy-policy
Necessity: This processing activity is not necessary for the functionality of the website.
Retention period: The data stored for the purpose of conducting e-mail campaigns and analysis will be stored in accordance with the relevant legal provisions and for as long as is necessary to fulfill the aforementioned purposes or you withdraw your consent to the processing of this personal data.
(2) Use of Hotjar – web analysis tool
Data processing: We use the Hotjar service to optimize our website and to better understand user behavior.
Hotjar enables us to track the behavior of our website users using heat maps and thus make improvements.
The data collected in the process is transmitted to Hotjar and stored.
Hotjar has access to the above-mentioned personal data in the event of support.
Personal data: The following personal data is processed:
- IP address (anonymized)
- Screen size of the device
- Device type and browser information
- Geographical point of view (country only)
- The preferred language used to display our website
User interactions (e.g. mouse movements, clicks and scrolling movements)
Purpose: The data in question is processed for the purpose of analyzing user behavior and optimizing our website.
Service provider: We use the Hotjar service to analyze our user behavior. The provider of Hotjar is Hotjar Ltd, Level 2, St Julian’s Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta, Europe (“Hotjar”). You can find more information on how Hotjar handles user data in the respective privacy policy: https://www.hotjar.com/legal/policies/privacy/
Processing principles: We process your personal data in accordance with the processing principles set out in Art. 6 to 8 FADP.
In addition, your personal data is processed on the basis of our legitimate interest in optimizing our online offering and analyzing the use of our website in accordance with Art. 6 para.
1 lit.
f GDPR.
Necessity: This processing activity is not necessary for the functionality of the website.
Retention period: The data stored for the purpose of web analysis will be stored in accordance with the relevant legal provisions and for as long as is necessary to fulfill the aforementioned purposes or you withdraw your consent to the processing of this personal data.
III Disclosure to third parties
Your personal data will not be transferred to third parties for purposes other than those listed and to contractors other than those listed and their subcontractors; third parties include, for example, technology providers for the optimal operation of the websites and social media presences and for the provision of the services listed above.
An order processing contract has been concluded with third parties who are subject to the FADP or the GDPR and process your personal data on our behalf.
Third parties will only process your personal data on our instructions and will irrevocably delete your personal data after the order and comply with the relevant data protection regulations.
IV. Personal data transfers to third countries without an adequate level of data protection
No disclosure is made to third countries without an adequate level of data protection or only under the contractual obligation to comply with an adequate level of data protection (EU standard clauses).personal data is only transferred to third countries if the data protection requirements of Art. 6 FADP or Art. 44 et seq. of the GDPR are met.a third country is a country outside Switzerland or the European Economic Area (EEA) in which Swiss data protection law or the European GDPR is not directly applicable. A third country is a country outside Switzerland or the European Economic Area (EEA) in which Swiss data protection law or the European GDPR is not directly applicable. A third country is considered unsafe if, according to the FDPIC or the EU Commission, the country does not have an adequate level of data protection.
With the ECJ ruling of July 16, 2020 (C-311/18), the adequacy decision for the USA was declared invalid.
The FDPIC has also withdrawn adequacy from the USA.
The USA is therefore a so-called unsafe third country.
When personal data is transferred to the USA, there is a risk that US authorities may gain access to the personal data.
Swiss citizens have no effective means of legal protection against such access in the USA. In this data protection information, we inform you when and how we transfer personal data to the USA or other unsafe third countries.
V. Data security
We take appropriate measures to ensure that your personal data cannot be viewed or stolen by third parties without authorization.
In particular, we take appropriate technical (e.g. firewall, password protection, SSL encryption, etc.) and organizational (e.g. restriction of authorized persons, training of authorized persons, etc.) measures to ensure that only authorized persons have access to this data.
Our data processing and security measures are continuously improved in line with technological developments.
Personal data is any information relating to an identified or identifiable natural person, including name, address, telephone number or e-mail or IP address. We use SSL encryption for security reasons and to protect the transmission of confidential content, such as the inquiries you send to us as the site operator.
You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.If SSL encryption is activated, the data you transmit to us cannot be read by third parties.
VI Retention period
We will retain your personal data for as long as we deem necessary or appropriate to comply with applicable laws or for as long as it is necessary for the purposes for which it was collected.
We delete your personal data as soon as it is no longer required and in any case after expiry of the maximum statutory retention period of five or ten years.
Data that is no longer required and for which there is no legal obligation to retain it will be destroyed once the purpose and justification no longer apply:
We retain data that we process by law for the statutory retention period, for example if this is required by labor, social security or tax law or the Business Records Ordinance;
We retain data that we require for the performance of a contract for at least the duration of the contract and for a maximum of 10 years thereafter, unless we require the data to assert our rights;
We retain data that we process to protect our legitimate interests for a maximum of ten years after the end of the contractual relationship, unless we need the data to assert our rights.
VII. Your rights
As a data subject, you can assert various claims against us in accordance with the applicable national and international law, and we may process your personal data again to fulfill these claims. depending on the applicable law, the data subjects can assert the following rights:
- to request information about your personal data processed by us.
In particular, information pursuant to Art. 8 FADP or Art. 15 GDPR may contain information:- on the purposes of processing
- the category of personal data
- the categories of recipients to whom your data has been or will be disclosed
- the planned storage period
the existence of a right to rectification, erasure, restriction of processing or objection - the existence of a right of appeal
- the origin of your data if it was not collected by us
- and the existence of automated decision-making, including profiling and, where applicable, meaningful information about their details
- to immediately request the correction of incorrect or incomplete personal data stored by us (Art. 5 para. 2 FADP and Art. 16 GDPR);
- to demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have objected to the processing in accordance with Art. 21 GDPR (Art. 15 FADP or Art. 18 GDPR);
- to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format or to request the transmission to another controller (Art. 20 GDPR)
- to request the deletion of your personal data stored by us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims (Art. 15 FADP or Art. 17 GDPR);
- to withdraw your consent once given to us at any time.
As a result, we may no longer continue the data processing that was based on this consent in the future (Art. 7 para. 3 GDPR); - object to the processing if your personal data is processed on the basis of legitimate interests pursuant to Art. 6 para.
1 sentence 1 lit.
f GDPR (Art. 21 GDPR) and insofar as there are reasons for this arising from your particular situation or the objection is directed against direct advertising.
In the latter case, you have a general right to object, which will be implemented by us without specifying a particular situation; - to lodge a complaint with a supervisory authority (see above) (Art. 77 GDPR).
VIII. Up-to-dateness and amendment of this privacy policy
5 Scope of license and rights
(1) From the start of the contract, the customer acquires the non-exclusive, non-transferable, freely revocable right to use and utilize the services within the limits of these GTC.
A physical copy and transfer of the services, e.g. by means of a data carrier, shall not take place.
(2) The license is limited to use for the customer’s own business purposes and depends on which license model the customer has agreed with our sales employee.
(3) The services can only be sublicensed to third parties with the consent of the provider; inviting third parties who only have limited access to the collaboration platform does not constitute sublicensing.
(4) All intellectual property rights relating to the provider’s services shall remain with the provider or the authorized third parties.
Insofar as third parties are entitled to the rights, the provider guarantees that corresponding rights of use and distribution exist.
(5) The Customer acknowledges and undertakes to respect and protect the intellectual property of the Provider, its suppliers and subcontractors.
(6) If a third party asserts or should assert claims against the customer due to infringement of an intellectual property right, the customer must inform the provider immediately in writing of such infringement notices or claims made.
The customer waives any warranty or liability claims against the provider.
6. rights and obligations of customers
(1) The customer is prohibited from copying, reverse engineering, distributing, storing (unless technically necessary for proper use), editing, modifying and offering, providing or distributing services or parts thereof to third parties for a fee or free of charge.
(2) The customer is obliged to keep all personal details truthful, complete and up to date.
Customers may not use pseudonyms.
By using the services, the customer declares that only persons of legal age have access to the services.
(3) Customers must ensure that they only use their own customer account.
They must ensure that no other person who is not authorized can use the customer account under their name.
Customers must choose a secure password, keep it safe and keep it secret.
(4) Natural persons who communicate with the provider on behalf of legal entities and manage the customer account of legal entities must always guarantee at the time of use that they are authorized to use the services on behalf of the legal entity.
(5) Customers can request support from the provider via the website.
There is no obligation to provide support.
The provider may stipulate that support services are subject to a charge.
7. remuneration
(1) The provider’s prices are exclusive of
statutory value added tax.
(2) The fixed license fee shall always be invoiced in advance at the beginning of a term for the corresponding period.
The license fee is due upon receipt of the invoice in accordance with the due date on the invoice and must be paid by the customer without any deductions.
(3) After expiry of this period, the customer shall be in default without a reminder.
The customer shall bear all costs (including reminder, collection, legal and court costs) incurred by the provider as a result of the default in payment.
The Provider may charge interest on arrears at the statutory rate.
(4) Invoicing by the provider to the customer is currently carried out by e-mail.
smino reserves the right to adapt this process in the future and send it via an online tool.
8. elimination of technical faults
(1) The customer is obliged to report any defects that occur, as well as their effects and exact circumstances (e.g. error examples, data) to the provider immediately in writing or electronically (e.g. via the support team).
The Customer shall grant the Provider access to all information required for the rectification of defects.
(2) Minor program errors are rectified by our 1st level support team free of charge.
(3) Termination by the customer due to failure to grant use in accordance with the contract is only permissible if the provider has been given sufficient opportunity to rectify the program error and this has failed.
Failure to rectify the program error shall only be assumed if this is impossible, if it is refused or unreasonably delayed by the provider, if there is reasonable doubt as to the prospects of success or if it is unreasonable for the customer for other reasons.
(4) The customer’s rights due to defects are excluded if the customer makes changes to the provider’s software or has them made without the provider’s consent, unless the customer proves that the changes have no unreasonable effects on the analysis and elimination of the defects for the provider.
The customer’s rights due to defects shall remain unaffected if the customer is entitled to make changes, in particular within the scope of exercising a right of self-remedy, and these have been carried out professionally and documented in a comprehensible manner.
(5) The Provider is entitled to circumvent a program error by means of so-called “workarounds” if the cause of the defect itself can only be eliminated with disproportionate effort and the usability of the service owed is not significantly impaired as a result.
(6) The provider’s strict liability for initial defects is excluded.
(7) If a defect reported by the customer is not attributable to the provider or if there is no defect at all, the provider shall invoice the customer for the analysis, rectification and maintenance work incurred in connection with the defect report at the applicable rates.
9. liability
(1) In the event of damage caused by slight negligence at most, the customer’s claims for damages shall be limited in amount to the damage which the provider foresaw as a possible consequence of the breach of duty at the time of the breach of duty or which the provider should at least typically have expected, but at most up to an annual usage fee.
Liability for indirect damages, consequential damages and loss of profit is excluded in these cases.
(2) The Provider shall only be liable for the loss of or damage to data or programs to the extent that their loss or damage could not have been avoided even if the Customer had taken reasonable precautions (in particular the regular creation of backups).
(3) Except in cases of assumption of a guarantee, in the case of damage caused intentionally or by gross negligence or in the case of personal injury (life, limb and health), the above limitations of liability shall apply to all claims for damages in connection with the contract, irrespective of the legal grounds (including claims in tort).
(4) The above limitations of liability shall apply accordingly in the event of any claims for damages by the customer directly against employees, agents or vicarious agents of the provider, in particular also against third-party providers.
With regard to damages caused by a third-party provider, the provider shall only be liable for a dutiful selection of the third-party provider.
However, the provider offers the customer the option of assigning his own claims against the third-party provider to the customer, insofar as this is legally possible.
(5) The provider’s liability for damages caused by force majeure is also excluded.
If a state of force majeure lasts for more than four weeks, the provider shall be entitled, subject to statutory provisions, to withdraw from the contract without further ado.
Any additional expenses shall be invoiced at the rates applicable at the time. force majeure includes events beyond the control and responsibility of the service provider such as official import or export restrictions, warlike events, terrorist activities, general mobilization, riots, sabotage, fire, floods, panic and epidemics, power supply bottlenecks, damage to or failure of IT infrastructure, etc.
(6) The customer is fully liable to the provider and third parties for the actions of third parties who have access to the customer’s customer account.
10 Term and termination
(1) The contractual relationship shall commence upon conclusion of the contract for a term of one year or for the term of the respective agreed project or the respective license.
(2) If the contractual relationship is not terminated in good time by either party, it shall be automatically extended by a (possibly further) fixed subsequent term of one year in each case, unless the contractual partner receives a notice of termination by e-mail to billing@smino.com at least 3 months before the end of the minimum term (or at the end of the subsequent term) If the customer books additional modules during the term, the term of these modules shall end at the same time, irrespective of the booking date of the modules.
The costs for these modules will be calculated pro rata on the basis of the remaining term of the main license; if the customer extends the main license, the terms of the booked modules will also be extended accordingly, unless they are terminated separately.
The costs for the modules are then calculated according to the full term of the main license.
This means that the costs for the modules are calculated in proportion to the entire term of the main license if it is extended.
For example, if the main license is extended for a further year, the costs for the modules will be charged for this additional year.
(3) The right to terminate without notice for good cause remains unaffected.
The termination must be in writing.
Good cause shall be deemed to exist in particular if the continuation of the user agreement is no longer reasonable for the provider for objective reasons, e.g. in the event of insolvency or default of payment, bankruptcy, justified doubts about the customer’s solvency, infringement of intellectual property rights by the customer, material breach of these GTC or the other contractual provisions.
(4) Furthermore, the Provider reserves the right to extraordinary termination if the Customer or third parties invited by the Customer disseminate offensive, defamatory or illegal content, send SPAM, unlawfully use the intellectual property rights of third parties, process personal data without consent, disseminate malware, act outside the rights of use or violate confidentiality obligations.
(5) The occurrence of an interruption in performance during an existing period of use shall not constitute an important reason for termination within the meaning of this contract.
The material warranty shall be excluded in the event of an interruption in performance due to force majeure.
11 Confidentiality and data protection
(1) Both parties are likely to disclose or have already disclosed confidential information within the scope of their contractual relationship.
Confidential information is all information marked as “confidential” in writing or verbal information if this has subsequently been confirmed in writing and marked as confidential, as well as information whose confidentiality is derived from its content or the circumstances of its disclosure.
Confidential information also includes the commercial agreements between the parties and the personal data collected or processed thereunder.
If there is any doubt regarding the confidentiality of information, the party that has received this information shall immediately contact the other party and request clarification, but in any case before this information is disclosed to third parties.
(2) Information shall not be deemed to be confidential information if the party receiving it can prove that
(a) it was known to it prior to disclosure by the other party
(b) it has independently developed the information without recourse to or use of information from the other party
(c) it lawfully obtained the information from a third party who, to its knowledge, was not under a duty of confidentiality to the other party
(d) it became known to it or to the public without breach of these provisions or of any other provisions protecting the other party’s business secrets; or
(e) they must be disclosed due to a legal obligation or an official or court order.
In the latter case, the party that has received the information must inform the other party immediately before disclosing it to third parties.
(3) Unless it is necessary for the fulfillment of the contract, both parties are obliged to treat the confidential information of the other party as strictly confidential, to use it only for the purposes of this contract and to protect it with at least the same care as they use to protect their own confidential information.
(4) The mutual confidentiality obligations under this section shall apply for the entire term of the contract and for a period of 5 years after its termination.
(5) In their respective areas of responsibility, the parties are themselves the responsible body within the meaning of data protection law (which means that each contracting party decides on the purposes and means of processing, collecting and using the data in its respective area of responsibility) and are themselves responsible for the lawfulness of data processing, collection and use and for safeguarding the rights of the data subjects.
Where necessary, the contracting parties must inform the data subjects about the collection, processing and use of the data or obtain their consent.
In particular when using the “Ghosts” function.
(6) The privacy policy and how the data is processed by the provider can be viewed here: https://smino.ch/datenschutz.
(7) In addition to these GTC, the order processing contract also applies, available here.
12. reference citation
The parties agree that the Provider may include the Customer and its company, in particular its logo, as a reference on the Provider’s website.
In addition, the provider is entitled
to use the company logo and the customer’s company for marketing purposes both offline and online.
13. transfer
Rights or obligations arising from individual contracts may only be transferred by the customer with the prior written consent of the provider.
The provider is entitled to transfer rights and obligations in part or in full to third parties without the customer’s consent.
14. final provisions
(1) All legally relevant declarations, amendments and ancillary agreements must be made in writing in order to be valid, with the exception of termination in accordance with clause 9 (2) sentence 1.
(2) The Provider may amend these GTC at any time without the Customer’s consent.
The Provider shall send the Customer the amended terms and conditions by e-mail at least 30 days before they come into force and shall point out the intended validity of these new GTC, including for an ongoing contract, as well as the Customer’s right to object to the validity of these GTC.
If the customer does not object to the validity of the new GTC within this period or uses the contents of the services after the amended GTC have come into force, the new GTC shall be deemed to have been accepted.
The Provider shall inform the Customer of the significance of the 30-day period, the right of objection and the legal consequences of silence in a suitable form.
(3) Should individual provisions of these GTC be or become invalid or unenforceable in whole or in part, this shall not affect the validity of these GTC and its remaining provisions.
The parties undertake to replace the affected provision with a valid and enforceable substitute provision that comes as close as possible to the economic purpose of the original provision.
15 Applicable law and place of jurisdiction
(1) Swiss law shall apply exclusively, with the express exclusion of the Vienna Sales Convention (United Nations Convention on Contracts for the International Sale of Goods, concluded in Vienna on April 11, 1980), the Convention on Jurisdiction and the Recognition and Enforcement of Judgments in Civil and Commercial Matters (Lugano Convention, LugÜ) and the Swiss Federal Act on Private International Law (IPRG).
(2) The place of jurisdiction for all disputes arising directly or indirectly from the contractual relationship is Rapperswil-Jona, Canton of St. Gallen, Switzerland.
Mandatory places of jurisdiction remain reserved.
Rapperswil-Jona, July 2023